4

We will need to host a series of Mercurial repositories. For security, we will use SSL encryption in Apache and htpasswd access (required). I tested out a single repository and used hgwebdir.cgi and used the hgweb.config to define the repository path and the allow_push and deny_push directives, but this test setup has only lead to more questions/problems:

I don't see any way to make a different allow/deny push group for each separate repository? ore importantly, I see no method to allow_pull deny_pull — which is quite important as each repository has a different set of users who should be allowed to read or write. We'd like to keep one htpasswd file for all users.

Martin Geisler
  • 1,271
  • 9
  • 23
user9748
  • 267
  • 2
  • 5

3 Answers3

5

I think what you are likely missing is that it is perfectly allowable to create a .hg/hgrc file inside each repository, and those files can contain allow_push and allow_read entries.

Martin Geisler
  • 1,271
  • 9
  • 23
Zed
  • 693
  • 4
  • 11
1

Mercurial-server is a great way to host many Mercurial repos with different access requirements per repos.

If you decide this is not for you then you should take a look at the ACL extension to Mercurial.

Martin Geisler
  • 1,271
  • 9
  • 23
aussielunix
  • 151
  • 4
  • Please note that mercurial-server is a *third-party* tool. It is not needed for maintaining a Mercurial server, though it can be a convenient way to do so when using SSH for access control. – Martin Geisler Dec 18 '11 at 10:38
0

I think the best way to allow_pull or deny_pull is to set up httpd authentication using the htpasswd file. You could use any of the mod_auth mechanisms here to allow each user to pull or push.

You might also look into using the SSH transport for hosting as that will give you a finer grained control over access, at the cost of a slightly more complicated setup.

More info can be found in the Mercurial wiki.

Martin Geisler
  • 1,271
  • 9
  • 23